Dropped Files | ZeroBOX
Name d3f82e492c50e007_window.exe
Filepath C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\window.exe
Size 5.5MB
Processes 184 (window.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ff1f228292608887187198ef3885bd45
SHA1 216abbd4243feecd14ef00c69690d4a97612a796
SHA256 d3f82e492c50e007d4e90f86a863cd921862d529cb559f22d8c7e3b1b7d45c72
CRC32 F77420E8
ssdeep 98304:cfUbSXUe4p/OIHXFhFA42q0uJJ2FzD0Ja9Adn2nti+SHoWGXDLBFn3JDqxDApoNG:cfUBeDIHXhU2KZgEI2ti+SIRXD913J+6
Yara
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
Name 0f7d44b65d3cfcd4_datastate.dll
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\datastate.dll
Size 59.5KB
Processes 2096 (window.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 151624caa0df9a94cf010b68bf3a221f
SHA1 38925319408896f0f2b4a288e9e6a6cbc9ee2135
SHA256 0f7d44b65d3cfcd4d8f978226c14734abdac22b1e173a794f761359220e9f74d
CRC32 B041BFC9
ssdeep 768:aTjIyQiGzQYcR8prNdqt8BIaT6dSzbPSRruhMY+X8s+uJnv0RLCp4w:KjNZIQYzrit8BrbPHMeWJn8RLCp4
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
Name 89938a6b9e1a3614_intestacy_20250504154619.log
Filepath C:\Users\test22\AppData\Local\Temp\Intestacy_20250504154619.log
Size 994.0B
Processes 2096 (window.exe)
Type ASCII text, with CRLF line terminators
MD5 edc47b178a42717cd48be3422e87b0b0
SHA1 08208e90c66315d19e45a5e7fe42742d52d2edee
SHA256 89938a6b9e1a3614ba279b30015589e1e1d71a92fbb418d3aef95fccf7530e7e
CRC32 0D3CECCB
ssdeep 24:olbAIcPmAA8dArt9cP2hi9cP29YGcP2V2FEGcP22GcP2iyn:o9xuBd+tcYickYhO2FEhvhryn
Yara None matched
Name 7eb04620ab0e0ee7_bootstrapperapplicationdata.xml
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\BootstrapperApplicationData.xml
Size 4.7KB
Processes 2096 (window.exe)
Type XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 ca325e26e85af41d383e37ef58e33b0a
SHA1 98760d086170844fa7bdb234f16c19987b2653f6
SHA256 7eb04620ab0e0ee731035fee17bfa67783e37d04f34dfe2c2c3bd69217cf2796
CRC32 0E3DC85F
ssdeep 96:XnTnn68dg0bB0wDycv+rFn6K+80w8iycl/RCDn6xFH0wSycA+rFp8Mrq+5bKSrGC:XnjvYB3rFpi75E/Gj+4rFyc5OHC
Yara None matched
Name ce490e76a6889320_biogeny.dll
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\Biogeny.dll
Size 1.1MB
Processes 2096 (window.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 6847ec1069c0fa535fa2aaae81639236
SHA1 72af81573a96a5b1ca619a0c652d1dc67bbcdd69
SHA256 ce490e76a6889320d1e1d8f8069e4c73702d6019723789a844ea4b669ff32cf7
CRC32 190BADF6
ssdeep 24576:8bdNMWL3qaF+PDBVMx4DBckjzqF6FH9BRh3OYgTRelF2SxiCfVqhTXu7U:+dNMWj7FiVM2SMjhJ2SxRVITXu7U
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 0f9c8454662d29c7_nond.zlr
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\Nond.zlr
Size 44.7KB
Processes 2096 (window.exe)
Type data
MD5 4a6442fd6349eaf75e4740c55ff6cd28
SHA1 0a5d4565bac6cbb1f33403f3305472d86ad7bf1f
SHA256 0f9c8454662d29c70cf4b09cee76a592ebd4a4bae5b3005642c54774a4a6b038
CRC32 70B6D744
ssdeep 768:JBhhH91MWknBgNkDXxeNXS+HDDhrOd/vsyWk2wKvS1+MJcI/aIvLG3CCm3aj8nhj:Nd9KUXk5R2BS1j8CCKhwV/jG
Yara None matched
Name a96c4b077e5c2bd4_thaelquubkloun.eypc
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\Thaelquubkloun.eypc
Size 1.1MB
Processes 2096 (window.exe)
Type data
MD5 6c76126b958e1d27cf6ac1ce45f978ed
SHA1 d250b7a93224816c0cb3b685a73461607107b244
SHA256 a96c4b077e5c2bd4c0c23327bdbd60a53c14c8c3cd7819e0240ec9893d0de1e1
CRC32 1E4E4B68
ssdeep 24576:q6+GMN2AAWp+S3ZrbC/GncqaKANU8heI5s+21LxjG+1154Iy4:q6A2rbS3ZPcGZ2U8he+T2ps+11J
Yara None matched
Name 506999fc82648367_sqlite3.dll
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\sqlite3.dll
Size 682.7KB
Processes 2096 (window.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 1527dc19adb673f07c9884c279159691
SHA1 b946e08100ea345ce794fa10a4065d691f04377b
SHA256 506999fc82648367840915f93daab55d9c2efddd1759047d383f3a151a31c300
CRC32 272B82A0
ssdeep 12288:pIwqOUengE0phFKxZVovamPYySE4B2BzkfWvPfuh2fllghUQKuyvcI+jKKj+zV63:pZwEu8ZOimgySE4BoznKKlLuyEI+CV63
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 55ea17a44d7a9882_irelay.exe
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\IRelay.exe
Size 7.3MB
Processes 2096 (window.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fa122de570f5f04feb13ded859bfa96c
SHA1 9cf36c88df020156afeee73adb9c78b931ad7f43
SHA256 55ea17a44d7a9882236b5cda25fa844e62cb1a4fe8d5cdc17b3591f4f98aa802
CRC32 60FCE0EB
ssdeep 98304:xRTmitxvjSgoSIlDPfwk+UYhOjEJeHMqBF/3A2dxulfpm5+X0t5P8QpqQ9A3bQqm:3TnmgoSIlDPov1hQqjqBFFif0+u5P8q
Yara
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Packer_Zero - Malicious Packer
  • CAPTCHA_script - CAPTCHA script
  • mzp_file_format - MZP(Delphi) file format
  • Antivirus - Contains references to security software
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
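Added example (not ZeroBOX's code and not part of the report above): a parser for the dropped-file records on this page that pulls out the two indicators a responder pivots on, the SHA256 values and the drop paths, and matches them against a host file inventory. The `{GUID}` directory under `C:\Windows\Temp` differs on every run, so the path indicator is turned into a regex with that component wildcarded rather than used literally. The two embedded records are copied from the listing above with the ssdeep lines left out; the host inventory, its paths and its hashes are constructed for the demo, and the `(path, sha256)` inventory shape is an assumption.

```python
"""Parse ZeroBOX 'Dropped Files' records into indicators and match them against
a host file inventory.  Added example, not ZeroBOX code.  Field labels follow
the report above; the inventory format (path, sha256) is an assumption."""
import re
from dataclasses import dataclass, field

KNOWN_KEYS = {"Name", "Filepath", "Size", "Processes", "Type",
              "MD5", "SHA1", "SHA256", "CRC32", "ssdeep"}
# The {GUID} directory under C:\Windows\Temp changes on every run, so it is wildcarded.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Two records copied from the report above (ssdeep lines omitted); this is the demo input.
SAMPLE_REPORT = r"""
Name d3f82e492c50e007_window.exe
Filepath C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\window.exe
Size 5.5MB
Processes 184 (window.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ff1f228292608887187198ef3885bd45
SHA1 216abbd4243feecd14ef00c69690d4a97612a796
SHA256 d3f82e492c50e007d4e90f86a863cd921862d529cb559f22d8c7e3b1b7d45c72
CRC32 F77420E8
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
Name 0f9c8454662d29c7_nond.zlr
Filepath C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\Nond.zlr
Size 44.7KB
Processes 2096 (window.exe)
Type data
MD5 4a6442fd6349eaf75e4740c55ff6cd28
SHA1 0a5d4565bac6cbb1f33403f3305472d86ad7bf1f
SHA256 0f9c8454662d29c70cf4b09cee76a592ebd4a4bae5b3005642c54774a4a6b038
CRC32 70B6D744
Yara None matched
"""

@dataclass
class Dropped:
    fields: dict = field(default_factory=dict)
    yara: list = field(default_factory=list)   # YARA rule names only

    @property
    def sha256(self): return self.fields.get("SHA256", "").lower()

    @property
    def path(self): return self.fields.get("Filepath", "")

def parse_report(text):
    """Split the flat 'Key value' listing into one Dropped record per 'Name' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Name "):
            cur = Dropped()
            records.append(cur)
        if cur is None:
            continue
        if line.startswith("•"):
            # bullet form is "• RuleName - description"; keep the rule name only
            cur.yara.append(line.lstrip("• ").split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key in KNOWN_KEYS:   # "Yara", "Yara None matched" and link text fall through
            cur.fields[key] = value
    return records

def path_pattern(path):
    """Regex for a dropped path with every GUID component wildcarded (case-insensitive)."""
    literal = [re.escape(p) for p in GUID_RE.split(path)]
    return re.compile("^" + GUID_RE.pattern.join(literal) + "$", re.IGNORECASE)

def match_inventory(records, inventory):
    """inventory: iterable of (path, sha256). Returns (host_path, reason, record Name).
    A hash hit outranks a path hit; a path-only hit means same drop location, different bytes."""
    by_hash = {r.sha256: r for r in records if r.sha256}
    patterns = [(path_pattern(r.path), r) for r in records if r.path]
    hits = []
    for host_path, sha in inventory:
        rec = by_hash.get(sha.lower())
        if rec:
            hits.append((host_path, "sha256", rec.fields["Name"]))
            continue
        for pat, rec in patterns:
            if pat.match(host_path):
                hits.append((host_path, "path", rec.fields["Name"]))
                break
    return hits

# Constructed host inventory (not from the report): one path-only hit, one hash hit, one clean file.
HOST_INVENTORY = [
    (r"C:\Windows\Temp\{0E1D2C3B-4A59-4687-9A0B-1C2D3E4F5A6B}\.cr\WINDOW.EXE", "0" * 64),
    (r"C:\Users\test22\Downloads\setup.bin",
     "0F9C8454662D29C70CF4B09CEE76A592EBD4A4BAE5B3005642C54774A4A6B038"),
    (r"C:\Windows\System32\kernel32.dll", "1" * 64),
]
```

Run `match_inventory(parse_report(SAMPLE_REPORT), HOST_INVENTORY)` to get two hits: the first inventory entry matches `window.exe` on its drop path alone (different GUID, different bytes), the second matches `Nond.zlr` by SHA256 despite being renamed; the system DLL matches nothing. The split between hash and path reasons is deliberate: a hash hit is a verdict, a path hit is a lead.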